Such a security issue, also known as "Probllama," could be leveraged to facilitate the delivery of specially crafted HTTP requests and arbitrary file overwriting.
Vulnerable SolarWinds Serv-U devices impacted by the high-severity path traversal flaw, tracked as CVE-2024-28995, have been subjected to ongoing attacks using publicly available proof-of-concept exploits, according to BleepingComputer.
Attacks with a new Linux encryptor have been deployed by the RansomHub ransomware-as-a-service operation against VMware ESXi environments, reports BleepingComputer.